PRM and ERM – use it in your Personal life

PRM? As we haven’t got enough acronyms in risk management already, I thought another one was required– right?  So, what is PRM? I just made it up – Personal Risk Management! 

They say charity starts at home – so why don’t we look at ERM, sorry PRM, in our personal lives? We can learn a lot from what we do well in our own lives and apply the same principles to our work lives and, bingo, we have good ERM working in our business!

One of the objectives of most people in their personal lives, I hope, is: To live a long and healthy life.

Risk, according to the ISO 31000 standard, is the “effect of uncertainty on objectives”. “Objectives” is where PRM/ERM starts. You cannot do any robust risk management without starting with objectives. This is the critical link between ERM and Strategy. 

The second step is to understand what critical functions need to work well to achieve our objectives. In your personal life, it will include Skeleton, Vital Organs, Skin, Blood etc. In your business life, it is the critical processes on which your business depends – in other words, the critical parts of your operating model.

Compliance_Risk Management.pngOnce we understand the critical functions/processes, we can then begin identifying the risks that could cause the functions/processes to fail. In your personal life this will include such things as, heart attack, melanoma, lung disease and so on. In your work life it will be a suite of corporate risks including transaction processing errors, internal/external fraud, third party failure and so on.

The next stage is to analyse our key risks in detail so we understand their root causes and how they link to the failure of the critical processes and, by default, our objectives.

For example, a heart attack may be caused, amongst other things, from clogged arteries. Clogged arteries, may be caused by cholesterol which in turn could be caused by diet or be hereditary. Heart attack then leads to failure of the heart as a vital organ which leads to the failure of our long and healthy life objective.

We at Protecht, use Bow Tie analysis to analyse and document these parts, connecting root causes, with risk events, with failed critical processes, with objectives.

Lastly, we identify our controls.  For health risk, we may have diet, drugs, regular checkups, surgery etc. These controls can be classified into Preventive, Detective and Reactive controls with Preventive operating at the earliest point and Detective somewhere in the middle while Reactive are at the end. Read the article, Are you a Risk Manager?

An example bow tie for staff absenteeism is shown below: 

BowTie staff.png

Fig 1. Bow Tie analysis example

Source: Protecht.BowTie (available for iOS tablets on the App Store)

Once we have analysed our risks and related controls we need to manage them i.e. the process of Enterprise Risk Management (ERM).

So how do/should we manage our health risks? 

  1. Go for a periodic (maybe annual) health check.
  2. Monitor your health between health checks. A Fitbit can help here.
  3. Be ready for and manage any health incident such as first aid.
  4. Take appropriate actions if you believe health risks are not being adequately managed – additional medication, change of lifestyle.
  5. Ensure that the key treatments you have over your health are effectively working. Ensure you are taking your medication each day.

ERM is this for your business. How healthy are you?

If you want to know how you can improve your business health, come to the Protecht Enterprise Risk Management training. If you are not located in Australia or New Zealand, we also offer it as in-house option.

Here is an overview of the workshop:

1. THE WHY OF ERM? WHERE IS THE INCENTIVE? • The traditional view of risk and risk management • Where’s the reward in risk management? Risk management as an enabler rather than a hindrance • The key objectives of risk management • Importance of linking risks to strategy and objectives • Creating the incentive for ERM.

2. THE WHAT OF ERM? UNDERSTANDING RISKS AND CONTROLS • What is and what is not a risk? • The three components of risk: Root Causes, Events and Impacts • Defining the impacts: Failed Critical Processes and Objectives • Bow Tie Analysis • Describing risk. The do’s and don’ts • Determining the entity level risks and the risk hierarchy • Inherent and Residual risk.

3. THE HOW OF ERM? RISK MANAGEMENT FRAMEWORK AND PROCESSES • Risk Management Framework (RMF) • Governance, Roles and Responsibilities, Three lines of defence, Risk Appetite, Risk Committees • Risk Management processes: Risk Assessment, Controls Assurance, Key Risk Indicators, Incident Management, Issues and Actions Management • Escalation, Reporting and Action • People and Culture • Continuous Improvement.

4. RISK ASSESSMENT • Risk and Control Self Assessment (RCSA) • Stress Testing • Controls Assurance

5. RISK MONITORING • Key Risk Indicators • Incident Management

6. CONTINUOUS IMPROVEMENT • Issues and Actions Management and Risk Treatment methods • Maturity Assessment

7. REPORTING AND ANALYTICS • Risk Reporting • Risk Analytics – moving to proactive risk management • The dashboard report

8. PEOPLE AND CULTURE • The key behaviours • The key drivers of culture • Assessing and reporting culture

Click here to see the final dates and locations for this training, or send an email to for in-house options. 

ASIC Report Whitepaper: A Regulatory Spotlight on Non-Financial Risk

A Regulatory Spotlight on Non-Financial Risk

Download Now

Related Articles

feature image
Risk Management Risk Manager Risk Professionals Protecht.ERM

Common IT questions around Risk Management Software

If you're reading this article, it's likely that you're facing one of these two scenarios: You are a risk manager looking for risk management...
Read more
feature image
Risk Culture Risk Management Training

Risk Management Training to Improve Your Business

As a business seeking to maximise your return on employee investment, there’s hardly a better choice than to educate staff at all levels with risk...
Read more
feature image
Risk Management Risk Professionals Protecht.ERM

Dynamic Risk Profiling

At the end of last year I had the opportunity to do a workshop at the Annual Risk Leaders Conference organised by the Institute of Risk Management...
Read more